I am running Fedora 8 in run level 5. SELinux is enabled. When I <ctl><alt><F[1-6]> to a virtual console I get the text login screen I enter a username and password (either root or any normal user) I press enter, and get a message "Error in service module" The screen clears and returns to login. If I disable SELinux with setenforce 0 this does not happen. [root@confianza ~]# uname -a Linux confianza 2.6.26.5-28.fc8 #1 SMP Sat Sep 20 09:12:30 EDT 2008 x86_64 x86_64 x86_64 GNU/Linux in /var/log/messages I get Oct 6 15:37:21 localhost setroubleshoot: SELinux is preventing login (local_login_t) "read" to ./limits.conf (var_log_t). For complete SELinux messages. run sealert -l 5f8baee3-51a7-4c91-bb95-2499cf6e0f6f So as recommended I ran [root@confianza log]# sealert -l 5f8baee3-51a7-4c91-bb95-2499cf6e0f6f Summary: SELinux is preventing login (local_login_t) "read" to ./limits.conf (var_log_t). Detailed Description: SELinux denied access requested by login. It is not expected that this access is required by login and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for ./limits.conf, restorecon -v './limits.conf' If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Additional Information: Source Context system_u:system_r:local_login_t:s0-s0:c0.c1023 Target Context system_u:object_r:var_log_t:s0 Target Objects ./limits.conf [ file ] Source login Source Path /bin/login Port <Unknown> Host confianza Source RPM Packages util-linux-ng-2.13.1-2.fc8 Target RPM Packages Policy RPM selinux-policy-3.0.8-117.fc8 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name catchall_file Host Name confianza Platform Linux confianza 2.6.26.5-28.fc8 #1 SMP Sat Sep 20 09:12:30 EDT 2008 x86_64 x86_64 Alert Count 1 First Seen Mon Oct 6 15:37:21 2008 Last Seen Mon Oct 6 15:37:21 2008 Local ID 5f8baee3-51a7-4c91-bb95-2499cf6e0f6f Line Numbers Raw Audit Messages host=confianza type=AVC msg=audit(1223325441.857:129): avc: denied { read } for pid=4909 comm="login" name="limits.conf" dev=sda6 ino=1177254 scontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_log_t:s0 tclass=file host=confianza type=SYSCALL msg=audit(1223325441.857:129): arch=c000003e syscall=2 success=no exit=-13 a0=7ff9a3aeb786 a1=0 a2=1b6 a3=0 items=0 ppid=1 pid=4909 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=tty2 ses=4294967295 comm="login" exe="/bin/login" subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 key=(null) I check /etc/security/limits.conf [root@confianza security]# ls -Z limits.conf -rw-r--r-- root root system_u:object_r:var_log_t:s0 limits.conf I try to relabel [root@confianza security]# restorecon -v './limits.conf' restorecon reset ./limits.conf context system_u:object_r:var_log_t:s0->system_u:object_r:etc_t:s0 Doesn't help I read the FAQ at http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 I read the man page for audit2allow and I don't get it. Has anyone run into this before? How do I fix it without having to disable SELinux? Thanks for your help Dennis K ¡Todo sobre Amor y Sexo! La guía completa para tu vida en Mujer de Hoy. http://mx.mujer.yahoo.com/ -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
